Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:358
HistoryJun 20, 2000 - 12:00 a.m.

[TL-Security-Announce] Linux Kernel TLSA2000013-1

2000-06-2000:00:00
vulners.com
14
JSON
                    TurboLinux Security Announcement


    Package: kernel-2.2.15 and earlier
    Date: Monday June 19 17:45 PDT 2000

    Affected TurboLinux versions: 6.0.5 and earlier
    Vulnerability Type: local root compromise
    TurboLinux Advisory ID#:  TLSA2000013-1
    BugTraq ID#: 1322
    Credits: This vulnerability was discovered by Wojciech Purczynski.

A security hole was discovered in the package mentioned above.
Please update the package in your installation as soon as possible.

  1. Problem Summary

    Originally this security bug was reported by Sendmail. An unsafe
    fgets() usage in sendmail's mail.local exposes the setuid() security
    hole in the Linux kernel. This vunlnerability allows local users to
    obtain root privilege by exploiting setuid root applications.

  2. Impact

    Any local user with an account can use this vulnerability to obtain
    root priviledges by exploiting setuid root applications.

  3. a) Solution

Please read section 3. b) if you use "TurboLinux Data Server with
DB2" or "TurboLinux Data Server Optimized for Oracle 8i".

Update the packages from our ftp server by running the following command
for each package:

rpm -Uvh --nodeps --Force ftp_path_to_filename

Where ftp_path_to_filename is one of the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-utils-2.2.16-0.4.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/kernel-2.2.16-0.4.src.rpm

**Note: You must rebuild and install the RPM if you choose to download
and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE
THE SECURITY HOLE.

Please verify the MD5 checksum of the update before you install:

MD5 sum Package Name

8861693c10c2a784f35ba603270d2ade kernel-2.2.16-0.4.i386.rpm
d527dcb4a491eae049a560cc6ff0a4e0 kernel-2.2.16-0.4.src.rpm
3d70924bf24c74c9d2173ab2b7e696b0 kernel-BOOT-2.2.16-0.4.i386.rpm
8138707ad72cea856d9aed01042870ae kernel-doc-2.2.16-0.4.i386.rpm
acca46851b1781a6c42e6a8a0a0a4426 kernel-headers-2.2.16-0.4.i386.rpm
b8f54e8971270827bf5b5df1520877b5 kernel-ibcs-2.2.16-0.4.i386.rpm
6b2a24f7d677aa0739a5a113f0621f4f kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
60aa909b603afa5fd895fbd693463e50 kernel-smp-2.2.16-0.4.i386.rpm
e2a15e2ee9679f390908861513effd94 kernel-source-2.2.16-0.4.i386.rpm
9668cfd45fac0332c304a4e9f78dc4c9 kernel-utils-2.2.16-0.4.i386.rpm

  1. b) Solution for TurboLinux Data Server

This section only applies if you use "TurboLinux Data Server with
DB2" or "TurboLinux Data Server Optimized for Oracle 8i".

Update the packages from our ftp server by running the following command
for each package:

rpm -Uvh --nodeps --Force ftp_path_to_filename

Where ftp_path_to_filename is one of the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-utils-2.2.16-0.4.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.src.rpm

**Note: You must rebuild and install the RPM if you choose to download
and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE
THE SECURITY HOLE.

Please verify the MD5 checksum of the update before you install:

MD5 sum Package Name

72b08a2760ef2f6ab7d1c3861bfb5d77 kernel-2.2.16-0.4.i386.rpm
872639a08f38b32f1879ad585b388624 kernel-2.2.16-0.4.src.rpm
6e9f553a05d85440d6405f539a0b0e25 kernel-BOOT-2.2.16-0.4.i386.rpm
eee26cc58861b1ebf8bf9cef5263aedf kernel-doc-2.2.16-0.4.i386.rpm
1f8f01f0b3e2d598ed1569ce99a25b75 kernel-headers-2.2.16-0.4.i386.rpm
a5fd0f5f1dcc175b324606dd26162238 kernel-ibcs-2.2.16-0.4.i386.rpm
a9957820afeb81274d6a15d2411213b6 kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
a03c1aee79c2c7a9a8e92abd7df5ea08 kernel-smp-2.2.16-0.4.i386.rpm
8a669d467d515ad88f8710a13fd97ccb kernel-source-2.2.16-0.4.i386.rpm
138719960abc9eb52925f1507816cadf kernel-utils-2.2.16-0.4.i386.rpm

These packages are GPG signed by Turbolinux for security. Our key
is available here:

http://www.turbolinux.com/security/tlgpgkey.asc

To verify a package, use the following command:

rpm --checksig name_of_rpm

To examine only the md5sum, use the following command:

rpm --checksig --nogpg name_of_rpm

**Note: Checking GPG keys requires RPM 3.0 or higher.

You can find more updates on our ftp server:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation
and Server security updates
ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation
and Server security updates

Our webpage for security announcements:

http://www.turbolinux.com/security

If you want to report vulnerabilities, please contact:

[email protected]

Subscribe to the TurboLinux Security Mailing lists:

TL-security - A moderated list for discussing security issues in TurboLinux
products.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security

TL-security-announce - An announce-only mailing list for security updates
and alerts.
Subscribe at
http://www.turbolinux.com/mailman/listinfo/tl-security-announce

JSON